Chapter 17: IP Routing in the LAN
Layer 3 switch
A LAN switch that can also perform Layer 3 routing functions. The name comes from the fact that this device makes forwarding decisions based on logic from multiple OSI layers (Layers 2 and 3).
Multilayer switch
A LAN switch that can also perform Layer 3 routing functions. The name comes from the fact that this device makes forwarding decisions based on logic from multiple OSI layers (Layers 2 and 3).
Steps to configure a Layer 3 EtherChannel
Step 1. Configure the physical interfaces as follows, in interface configuration mode: a. Add the channel-group number mode on command to add it to the channel. Use the same number for all physical interfaces on the same switch, but the number used (the channel-group number) can differ on the two neighboring switches. b. Add the no switchport command to make each physical port a routed port. Step 2. Configure the PortChannel interface: a. Use the interface port-channel number command to move to port-channel configuration mode for the same channel number configured on the physical interfaces. b. Add the no switchport command to make sure that the port-channel inter- face acts as a routed port. (IOS may have already added this command.) c. Use the ip address address mask command to configure the address and mask.
The two options to define a router interface for the native VLAN
1. Configure the ip address command on the physical interface, but without an encapsulation command; the router considers this physical interface to be using the native VLAN. 2. Configure the ip address command on a subinterface and use the encapsulation dot1q vlan-id native subcommand to tell the router both the VLAN ID and the fact that it is the native VLAN.
5. A LAN design uses a Layer 3 EtherChannel between two switches SW1 and SW2, with port-channel interface 1 used on both switches. SW1 uses ports G0/1, G0/2, and G0/3 in the channel. Which of the following are true about SW1's configuration to make the channel be able to route IPv4 packets correctly? (Choose two answers.) a. The ip address command must be on the port-channel 1 interface. b. The ip address command must be on interface G0/1 (lowest numbered port). c. The port-channel 1 interface must be configured with the no switchport command. d. Interface G0/1 must be configured with the routedport command.
A and C. With a Layer 3 EtherChannel, the physical ports and the port-channel inter- face must disable the behavior of acting like a switch port, and therefore act like a routed port, through the configuration of the no switchport interface subcommand. (The routedport command is not an IOS command.) Once created, the physical interfaces should not have an IP address configured. The port-channel interface (the inter- face representing the EtherChannel) should be configured with the IP address.
1. Router 1 has a Fast Ethernet interface 0/0 with IP address 10.1.1.1. The interface is connected to a switch. This connection is then migrated to use 802.1Q trunking. Which of the following commands could be part of a valid configuration for Router 1's Fa0/0 interface? (Choose two answers.) a. interface fastethernet 0/0.4 b. dot1q enable c. dot1q enable 4 d. trunking enable e. trunking enable 4 d. encapsulation dot1q 4
A and F. Of all the commands listed, only the two correct answers are syntactically correct router configuration commands. The command to enable 802.1Q trunking is encapsulation dot1q vlan_id.
VLAN interface
A configuration concept inside Cisco switches, used as an interface between IOS running on the switch and a VLAN supported inside the switch, so that the switch can assign an IP address and send IP packets into that VLAN.
Routed port
A port on a multilayer Cisco switch, configured with the no switchport com- mand, that tells the switch to treat the port as if it were a Layer 3 port, like a router interface.
interface port-channel channel-number
A switch command to enter PortChannel configuration mode and also to create the PortChannel if not already created
interface vlan vlan-id
A switch global command on a Layer 3 switch to create a VLAN interface and to enter configuration mode for that VLAN interface
show interfaces [interface type number] status
Among other facts, for switch ports, lists the access VLAN or the fact that the interface is a trunk; or, for routed ports, lists "routed"
Layer 3 EtherChannel (L3 EtherChannel)
An EtherChannel that acts as a routed port (that is, not a switched port), and as such, is used by a switch's Layer 3 forwarding logic. As a result, the Layer 3 switch lists the Layer 3 EtherChannel in various routes in the switch's IP routing table, with the switch balancing traffic across the various ports in the Layer 3 EtherChannel.
Switched Virtual Interface (SVI)
Another term for any VLAN interface in a Cisco switch. See also VLAN interface.
2. Router R1 has a router-on-a-stick (ROAS) configuration with two subinterfaces of interface G0/1: G0/1.1 and G0/1.2. Physical interface G0/1 is currently in a down/down state. The network engineer then configures a shutdown command when in interface configuration mode for G0/1.1 and a no shutdown command when in interface configuration mode for G0/1.2. Which answers are correct about the interface state for the subinterfaces? (Choose two answers.) a. G0/1.1 will be in a down/down state. b. G0/1.2 will be in a down/down state. c. G0/1.1 will be in an administratively down state. d. G0/1.2 will be in an up/up state.
B and C. Subinterface G0/1.1 must be in an administratively down state due to the shutdown command being issued on that subinterface. For subinterface G0/1.2, its status cannot be administratively down because of the no shutdown command. G0/1.2's state will then track to the state of the underlying physical interface. With a physical interface state of down/down, subinterface G0/1.2 will be in a down/down state in this case.
sdm prefer lanbase-routing
Command on some Cisco switches that reallocates forwarding chip memory to allow for an IPv4 routing table
6. A LAN design uses a Layer 3 EtherChannel between two switches SW1 and SW2, with port-channel interface 1 used on both switches. SW1 uses ports G0/1 and G0/2 in the channel. However, only interface G0/1 is bundled into the channel and working. Think about the configuration settings on port G0/2 that could have existed before adding G0/2 to the EtherChannel. Which answers identify a setting that could prevent IOS from adding G0/2 to the Layer 3 EtherChannel? (Choose two answers.) a. A different STP cost (spanning-tree cost value) b. A different speed (speed value) c. A default setting for switchport (switchport) d. A different access VLAN (switchport access vlan vlan-id)
B and C. With a Layer 3 EtherChannel, two configuration settings must be the same on all the physical ports, specifically the speed and duplex as set with the speed and duplex commands. Additionally, the physical ports and port-channel port must all have the no switchport command configured to make each act as a routed port. So, having a different speed setting, or being configured with switchport rather than no switchport, would prevent IOS from adding interface G0/2 to the Layer 3 EtherChannel. As for the wrong answers, both have to do with Layer 2 configuration settings. Once Layer 2 operations have been disabled because of the no switchport command, those settings related to Layer 2 that could cause problems on Layer 2 EtherChannels do not then cause problems for the Layer 3 EtherChannel. So, Layer 2 settings about access VLANs, trunking allowed lists, and STP settings, which must match before an interface can be added to a Layer 2 EtherChannel, do not matter for a Layer 3 EtherChannel.
4. An engineer has successfully configured a Layer 3 switch with SVIs for VLANs 2 and 3. Hosts in the subnets using VLANs 2 and 3 can ping each other with the Layer 3 switch routing the packets. The next week, the network engineer receives a call that those same users can no longer ping each other. If the problem is with the Layer 3 switching function, which of the following could have caused the problem? (Choose two answers.) 1. Six (or more) out of 10 working VLAN 2 access ports failing due to physical problems 2. A shutdown command issued from interface VLAN 4 configuration mode 3. VTP on the switch removing VLAN 3 from the switch's VLAN list 4. A shutdown command issued from VLAN 2 configuration mode
C and D. First, for the correct answers, a Layer 3 switch will not route packets on a VLAN interface unless it is in an up/up state. A VLAN interface will only be up/upif the matching VLAN (with the same VLAN number) exists on the switch. If VTP deletes the VLAN, then the VLAN interface moves to a down/down state, and routing in/out that interface stops. Also, disabling VLAN 2 with the shutdown command in VLAN configuration mode also causes the matching VLAN 2 interface to fail, which makes routing on interface VLAN 2 stop as well. As for the incorrect answers, a Layer 3 switch needs only one access port or trunk port forwarding for a VLAN to enable routing for that VLAN, so nine of the ten access ports in VLAN 2 could fail, leaving one working port, and the switch would keep routing for VLAN 2. A shutdown of VLAN 4 has no effect on routing for VLAN interfaces 2 and 3. Had that answer listed VLANs 2 or 3, it would definitely be a reason to make routing fail for that VLAN interface.
3. A Layer 3 switch has been configured to route IP packets between VLANs 1, 2, and 3 using SVIs, which connect to subnets 172.20.1.0/25, 172.20.2.0/25, and 172.20.3.0/25, respectively. The engineer issues a show ip route connected command on the Layer 3 switch, listing the connected routes. Which of the following answers lists a piece of information that should be in at least one of the routes? a. Interface Gigabit Ethernet 0/0.3 b. Next-hop router 172.20.2.1 c. Interface VLAN 2 d. Mask 255.255.255.0
C. The configuration of the Layer 3 switch's routing feature uses VLAN interfaces. The VLAN interface numbers must match the associated VLAN ID, so with VLANs 1, 2, and 3 in use, the switch will configure interface vlan 1, interface vlan 2 (which is the correct answer), and interface vlan 3. The matching connected routes, like all connected IP routes, will list the VLAN interfaces. As for the incorrect answers, a list of connected routes will not list any next-hop IP addresses. Each route will list an outgoing interface; the outgoing interface will not be a physical interface, but rather a VLAN interface, because the question states that the configuration uses SVIs. Finally, all the listed subnets have a /25 mask, which is 255.255.255.128, so none of the routes will list a 255.255.255.0 mask.
show interfaces interface-id switchport
For switch ports, lists information about any interface regarding administrative settings and operational state; for routed ports, the output simply confirms the port is a routed (not switched) port
[no] ip routing
Global command that enables (ip routing) or disables (no ip routing) the routing of IPv4 packets on a router or Layer 3 switch
show interfaces vlan number
Lists the interface status, the switch's IPv4 address and mask, and much more
show ip route
Lists the router's entire routing table
channel-group channel-number mode {auto | desirable | active | passive | on}
Interface subcommand that enables EtherChannel on the interface
Router-on-a-stick (ROAS)
Jargon to refer to the Cisco router feature of using VLAN trunking on an Ethernet interface, which then allows the router to route packets that happento enter the router on that trunk and then exit the router on that same trunk, just on a different VLAN.
[no] switchport
Layer 3 switch subcommand that makes the port act as a Layer 2 port (switchport) or Layer 3 routed port (no switchport)
show vlans
Lists VLAN configuration and statistics for VLAN trunks configured on routers
show ip route [connected]
Lists a subset of the IP routing table
show interfaces [interface type number]
Lists detailed status and statistical information, including IP address and mask, about all interfaces (or the listed interface only)
show etherchannel [channel-group-number] summary
Lists information about the state of EtherChannels on this switch, including whether the channel is a Layer 2 or Layer 3 EtherChannel
Subinterfaces
One of the virtual interfaces on a single physical interface.
interface type number.subint
Router global command to create a subinterface and to enter configuration mode for that subinterface
encapsulation dot1q vlan-id [native]
Router subinterface subcommand that tells the router to use 802.1Q trunking, for a particular VLAN, and with the native keyword, to not encapsulate in a trunking header
Steps to configure Layer 3 switching using SVI
Step 1. Enable IP routing on the switch, as needed: a. Use the sdm prefer lanbase-routing command (or similar) in global configuration mode to change the switch forwarding ASIC settings to make space for IPv4 routes at the next reload of the switch. b. Use the reload EXEC command in enable mode to reload (reboot) the switch to pick up the new sdm prefer command setting. c. Once reloaded, use the iprouting command in global configuration mode to enable the IPv4 routing function in IOS software and to enable key com- mands like show ip route. Step 2. Configure each SVI interface, one per VLAN for which routing should be done by this Layer 3 switch: a. Use the interface vlan vlan_id command in global configuration mode to create a VLAN interface and to give the switch's routing logic a Layer 3 interface connected into the VLAN of the same number. b. Use the ip address address mask command in VLAN interface configuration mode to configure an IP address and mask on the VLAN interface, enabling IPv4 routing on that VLAN interface. c. (As needed) Use the no shutdown command in interface configuration mode to enable the VLAN interface (if it is currently in a shutdown state).
For a VLAN interface to be in an up/up state:
Step 1. The VLAN must be defined on the local switch (either explicitly or learned with VTP). Step 2. The switch must have at least one up/up interface using the VLAN, either/both: a. An up/up access interface assigned to that VLAN b. A trunk interface for which the VLAN is in the allowed list, is STP forwarding, and is not VTP pruned Step 3. The VLAN (not the VLAN interface) must be administratively enabled (that is, not shutdown). Step 4. The VLAN interface (not the VLAN) must be administratively enabled (that is, not shutdown).
Steps to configure 802.1Q trunking on a router
Step 1. Use the interface type number.subint command in global configuration mode to create a unique subinterface for each VLAN that needs to be routed. Step 2. Use the encapsulation dot1q vlan_id command in subinterface configuration mode to enable 802.1Q and associate one specific VLAN with the subinterface. Step 3. Use the ip address address mask command in subinterface configuration mode to configure IP settings (address and mask).
List of requirements for Layer 3 EtherChannels
no switchport: The PortChannel interface must be configured with the no switchport command, and so must the physical interfaces. If a physical interface is not also configured with the no switchport command, it will not become operational in the EtherChannel. Speed: The physical ports in the channel must use the same speed. duplex: The physical ports in the channel must use the same duplex.